RSA can work with keys of different keys of length: 1024, 2048, 3072, 4096, 8129, 16384 or even more bits. Key length of 3072-bits and above are considered secure. Longer keys provide higher security but consume more computing time, so there is a tradeoff between security and speed. Very long RSA keys (e.g. 50000 bits or 65536 bits) may be too slow for practical use, e.g. key generation may take from several minutes to several hours.

The integer number n is called "modulus" and it defines the RSA key length. It is typically very large prime number (e.g. 2048 bits).

The pair {n, e} is the public key. It is designed to be shared with everyone. The number e is called "public key exponent". It is usually 65537 (0x010001).

The pair {n, d} is the private key. It is designed to be kept in secret. It is practically infeasible to calculate the private key from the public key {n, e}. The number d is called "private key exponent" (the secret exponent).

RSA Cryptography: Encrypt a Message

Encrypting a message using certain RSA public key {n, e} is done by the following transformation:

encryptedMsg = (msg)e mod n

The msg here is a number in the range [0...n). Text messages should be encoded as integers in the range [0...n) before encryption (see EAOP). For larger texts, hybrid encryption should be used (encrypt a secret key and use it to symmetrically encrypt the text, see RSA-KEM).

The above operation cannot be reversed: no efficient algorithm exists to calculate msg from encryptedMsg, e and n (see the RSA problem), which all are public (non-secret) by design.

RSA Cryptography: Decrypt a Message

Decrypting the encrypted message using the corresponding RSA private key {n, d} is done by the following transformation:

decryptedMsg = (encryptedMsg)d mod n

Why this is correct? Recall, that by definition the RSA key-pair has the following property:

Because RSA encryption is a deterministic (has no random component) attackers can successfully launch a chosen plaintext attack against by encrypting likely plaintexts with the public key and test if they are equal to the ciphertext. This may not be a problem, but is a weakness, that should be considered when developers choose an encryption scheme.